Updated packages uploaded for Mageia 1, Mageia 2, and Cauldron.
Advisory:
========================
Updated rpmdevtools package fixes security vulnerability:
A TOCTOU race condition was found in the way 'annotate-output' (used to
execute a program annotating the output linewise with time and stream) tool
of rpmdevtools before 8.3 performed management of its temporary files used
for standard output and standard error output. A local attacker could use
this flaw to conduct symbolic link attacks, possibly leading to their
ability in an unauthorized way to alter files belonging to the user running
the 'annotate-output' tool (CVE-2012-3500).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3500
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html
========================
Updated packages in core/updates_testing:
========================
rpmdevtools-8.3-1.mga1
rpmdevtools-8.3-1.mga2
from SRPMS:
rpmdevtools-8.3-1.mga1.src.rpm
rpmdevtools-8.3-1.mga2.src.rpm
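
The race described in the advisory comes from choosing a temporary name in a shared directory and creating the file at that name in a later step. As an added example (not rpmdevtools code and not part of the original report), this shows the usual hardening for a tool that captures stdout and stderr: create a private directory atomically and place the files inside it. The function names `make_private_fifos` and `annotate`, the `O:`/`E:` tags and the use of named pipes are assumptions; the advisory only says "temporary files".

```shell
#!/bin/sh
# Added example (constructed): temp-file handling for a tool that captures a
# command's stdout and stderr through temporary named pipes.

# Racy pattern (the bug class in the advisory), shown only as a comment:
#   name=$(mktemp -u)    # a name is chosen ...
#   mkfifo "$name"       # ... and used later, in a world-writable directory
# Between the two steps another local user can create an entry at $name.

# Hardened: mktemp -d creates the directory itself, atomically, with mode
# 0700 and a random name, so no other user can plant an entry inside it.
make_private_fifos() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/annotate.XXXXXXXXXX") || return 1
    if ! mkfifo -m 600 "$dir/out" "$dir/err"; then
        rm -rf "$dir"
        return 1
    fi
    printf '%s\n' "$dir"
}

# Run a command, tagging each line with its stream (O: stdout, E: stderr),
# and return the command's own exit status.
annotate() {
    fifos=$(make_private_fifos) || return 1
    sed 's/^/O: /' < "$fifos/out" &
    out_pid=$!
    sed 's/^/E: /' < "$fifos/err" >&2 &
    err_pid=$!
    status=0
    "$@" > "$fifos/out" 2> "$fifos/err" || status=$?
    wait "$out_pid" "$err_pid"
    rm -rf "$fifos"
    return "$status"
}
```
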

For Mageia 1, the version jump changes more than just the annotate-output fix, but given that this tool is just targeted at packagers and not required by a lot of packages (and apparently not required at all as a build dependency), ok with pushing version 8.3 to Mageia 1.
I tested some of the commands among those provided by the package, including annotate-output.
Comprehensive list of commands:
/usr/bin/annotate-output
/usr/bin/checkbashisms
/usr/bin/licensecheck
/usr/bin/manpage-alert
/usr/bin/rpmargs
/usr/bin/rpmdev-bumpspec
/usr/bin/rpmdev-checksig
/usr/bin/rpmdev-cksum
/usr/bin/rpmdev-diff
/usr/bin/rpmdev-extract
/usr/bin/rpmdev-md5
/usr/bin/rpmdev-newinit
/usr/bin/rpmdev-newspec
/usr/bin/rpmdev-packager
/usr/bin/rpmdev-rmdevelrpms
/usr/bin/rpmdev-setuptree
/usr/bin/rpmdev-sha1
/usr/bin/rpmdev-sha224
/usr/bin/rpmdev-sha256
/usr/bin/rpmdev-sha384
/usr/bin/rpmdev-sha512
/usr/bin/rpmdev-sort
/usr/bin/rpmdev-sum
/usr/bin/rpmdev-vercmp
/usr/bin/rpmdev-wipetree
/usr/bin/rpmelfsym
/usr/bin/rpmfile
/usr/bin/rpminfo
/usr/bin/rpmls
/usr/bin/rpmpeek
/usr/bin/rpmsodiff
/usr/bin/rpmsoname
/usr/bin/spectool